CVSS: 10.0EPSS: 33%CPEs: 124EXPL: 0CVE-2009-2462 – Mozilla Browser engine crashes
https://notcve.org/view.php?id=CVE-2009-2462
22 Jul 2009 — The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 3%CPEs: 185EXPL: 2CVE-2009-2535 – Multiple Browsers - Denial of Service
https://notcve.org/view.php?id=CVE-2009-2535
20 Jul 2009 — Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Mozilla Firefox anteriores a v2.0.0.19 y v3.x anteriores a v3.0.5, SeaMonkey y Thunderbird permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero gran... • https://www.exploit-db.com/exploits/9160 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 9%CPEs: 108EXPL: 0CVE-2009-2210 – Thunderbird mail crash
https://notcve.org/view.php?id=CVE-2009-2210
25 Jun 2009 — Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. Mozilla Thunderbird en versiones anteriores a la 2.0.0.22 y SeaMonkey en versiones anteriores a la 1.1.17 permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecu... • http://secunia.com/advisories/35561 •
CVSS: 9.3EPSS: 29%CPEs: 202EXPL: 4CVE-2009-1833 – Firefox JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-1833
12 Jun 2009 — The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. El motor JavaScript en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a ata... • http://osvdb.org/55152 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 202EXPL: 0CVE-2009-1838 – Firefox arbitrary code execution flaw
https://notcve.org/view.php?id=CVE-2009-1838
12 Jun 2009 — The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. La implementación de la recolección de basura en Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anterio... • http://osvdb.org/55157 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 202EXPL: 0CVE-2009-1841 – Firefox JavaScript arbitrary code execution
https://notcve.org/view.php?id=CVE-2009-1841
12 Jun 2009 — js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. js/src/xpconnect/src/xpcwrappedjsclass.cpp en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anterior a v1.1.17 permite a atacantes remotos ejecutar secuencias de comandos web de forma arb... • http://osvdb.org/55159 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 13%CPEs: 202EXPL: 2CVE-2009-1832 – Firefox double frame construction flaw
https://notcve.org/view.php?id=CVE-2009-1832
12 Jun 2009 — Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegacion de servicio (corrupcion de servicio y caida de aplicacion) o posiblemente ejecutar co... • http://osvdb.org/55148 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.4EPSS: 1%CPEs: 202EXPL: 2CVE-2009-1836 – Firefox SSL tampering via non-200 responses to proxy CONNECT requests
https://notcve.org/view.php?id=CVE-2009-1836
12 Jun 2009 — Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 utilizan la cabecera HTTP del servidor para determina... • http://osvdb.org/55160 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 93%CPEs: 112EXPL: 11CVE-2009-1392 – Firefox browser engine crashes
https://notcve.org/view.php?id=CVE-2009-1392
12 Jun 2009 — The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNext... • http://osvdb.org/55144 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 5%CPEs: 198EXPL: 0CVE-2009-1303 – Firefox 2 and 3 Layout engine crash
https://notcve.org/view.php?id=CVE-2009-1303
22 Apr 2009 — The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. El navegador del motor en Mozilla Firefox versiones anteriores a v3.0.9, Thunderbird versiones anteriores a v2.0.0.22, y SeaMonkey versiones anteriores a v1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de aplica... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-16: Configuration •